ELEMENTS OF HIGH ORDER IN ARTIN-SCHREIER 
EXTENSIONS OF FINITE FIELDS $\mathbb{F}_q$ 

F. E. BROCHERO MARTINEZ AND LUCAS REIS 


Abstract. In this article, we find a lower bound for the order of the coset 
$x + b$ in the Artin-Schreier extension $\mathbb{F}_q[x]/(x^p - x - a)$, where $b \in \mathbb{F}_q$ satisfies 
a generic special condition. 


1. Introduction 

For many important applications (for example, see [T]), it is interesting to find 
an element of very high order in a finite extension field $\mathbb{F}_{q^n}$. Ideally, one would 
choose a primitive element, but actually finding such an element is a notoriously 
hard computational problem. In fact, in order to verify that an element is primitive, 
we need to know the factorization of the integer $q^n - 1$ or to solve the discrete 
logarithm problem in $\mathbb{F}_{q^n}$. With the tools currently known, these two problems 
are very hard, and they are the basis of modern cryptography. 

On one hand, there are several methods used to find a small set of elements of 
$\mathbb{F}_{q^n}$ with at least one primitive element. In m, assuming the extended Riemann 
hypothesis (ERH), Shoup showed a deterministic polynomial-time search procedure 
to find a primitive element of $\mathbb{F}_{p^2}$. Also using ERH, Bach [3] gives 
an efficient algorithm to construct a set of $O((\log p)^4/(\log\log p)^3)$ elements 
that contains at least one generator of $\mathbb{F}_p^*$. In [7], Gao has given an algorithm 
to construct high order elements for almost all extensions $\mathbb{F}_{q^n}$ of finite fields $\mathbb{F}_q$, 

" 1 

being the lower bound no less than ^. Chen [4] showed how to find, in 

polynomial time in $N$, an integer $n$ in the interval $[N, 2qN]$ and an element $a \in \mathbb{F}_{q^n}$ 
with order greater than 5.8"/ 

On the other hand, many works have been done in order to find elements for 
which a reasonably large lower bound of the order can be guaranteed: Ahmadi, 
Shparlinski and Voloch [5] showed that if $\theta \in \mathbb{F}_{q^{2n}}$ is a primitive $r$-th root of 
unity, where $r = 2n + 1$ is a prime, then the Gauss period $\alpha = \theta + \theta^{-1}$ has order 

exceeding exp -|- o (1)^ > where p is a characteristic of the field 

(for other works about the order of Gauss period, see [5J |B]). Popovych BE 
improved the previous bound and gave a lower bound for elements of the more 
general forms 0^(0/ -|- a), + a){9^ + a) and -|- a){0^ + a)~^, where 

$a \in \mathbb{F}_q^*$. In particular, he proved that the multiplicative order of the Gauss period 

$\beta = \theta + \theta^{-1}$ is not less than $5^{\sqrt{(r-2)/2} - 2}$ when $p \geq 5$. 
Finally, Popovych [10] considered the Artin-Schreier extension $\mathbb{F}_{p^p}$ of the finite field 
$\mathbb{F}_p$ and found an element of order larger than $4^p$ by an elementary method. 
We emphasize that Popovych's result is weaker than the one pointed out by 
Shparlinski in Voloch's article [14], which says that the order of any root $t$ of 
$x^p - x - 1$ in $\mathbb{F}_{p^p}$ exceeds $5.81589^p$. Unfortunately, that article does not 
contain the proof of that bound and, computing that bound with Sage Mathematics 
Software, we verify that it is true only in the 
case that $p > 4647$. 

In this article, we consider the situation where $x^p - x - a$ is an irreducible 
polynomial of $\mathbb{F}_q[x]$, where $p$ is the characteristic of $\mathbb{F}_q$ and $a \in \mathbb{F}_p$. We find a 
lower bound for the multiplicative order of an element of the form $(\theta + b)$, where $\theta$ 
represents the coset of $x$ in the Artin-Schreier extension $\mathbb{F}_q[x]/(x^p - x - a)$ and $b$ 
satisfies a special condition. We also prove that the probability that an element 
of $\mathbb{F}_q$ satisfies such a special condition is close to 1 when $q$ is large enough. 

Finally, in the case $q = p$, we show a lower bound which improves the result 
obtained by Popovych, but our lower bound does not reach the one pointed out by 
Shparlinski-Voloch. 


2. Preliminaries 

Throughout this paper, $\mathbb{F}_q$ denotes a finite field of order $q$, where $q = p^n$ is a 
power of an odd prime $p$. 

For each irreducible polynomial $f(x) \in \mathbb{F}_q[x]$, it is known that $\mathbb{F}_q[x]/(f)$ is a 
finite field with $q^d$ elements, where $d = \deg(f)$. Reciprocally, every finite field $\mathbb{F}_{q^d}$ 
is isomorphic to $\mathbb{F}_q[x]/(f)$ with $f$ an irreducible polynomial of degree $d$. 

There are few known results to ensure the irreducibility of polynomials over a finite 
field. For example, Theorems 2.47 and 3.75 in m show the necessary and sufficient 
conditions for irreducibility of cyclotomic polynomials $\Phi_r(x)$ and binomials $x^t - a$, 
respectively. Another well-known result about the irreducibility of another family of 
polynomials is the following. 

Lemma 2.1. The polynomial $x^p - x - a \in \mathbb{F}_q[x]$ is irreducible if and only if it 
has no roots in $\mathbb{F}_q$. 

For the proof of this result, see Theorem 3.78 in m. In particular, we have that 

Proposition 2.2. Let $n$ be a positive integer and $a \in \mathbb{F}_p^*$. The polynomial $f(x) = 
x^p - x - a$ is irreducible in $\mathbb{F}_q[x]$ if and only if $p \nmid n$. 

Proof: By Theorem 2.25 in m, it is known that $a = b^p - b$ for some $b \in \mathbb{F}_q$ 
if and only if $\mathrm{Tr}_{\mathbb{F}_q|\mathbb{F}_p}(a) = a + a^p + \cdots + a^{p^{n-1}} = 0$. Since $a \in \mathbb{F}_p$, it follows that 
$\mathrm{Tr}_{\mathbb{F}_q|\mathbb{F}_p}(a) = na$. But $\mathrm{Tr}_{\mathbb{F}_q|\mathbb{F}_p}(a) \neq 0$ if and only if $p$ does not divide $n$. □ 

The main result of this paper is the following: 

Theorem 2.3. Let $x^p - x - a$ be an irreducible polynomial of $\mathbb{F}_q[x]$, with $q = p^n$ 
($n \geq 2$) and $a \in \mathbb{F}_p$. If $\theta$ is the coset of $x$ in the Artin-Schreier extension $\mathbb{F}_q[x]/(x^p - 
x - a)$ and $b \in \mathbb{F}_q$ satisfies that $b \notin \mathbb{F}_{p^m}$ for every proper divisor $m$ of $n$, then the 
multiplicative order of $\theta + b$ is lower bounded by 

$$\frac{1}{\pi(p-1)}\sqrt{\frac{2n+1}{2n-1}}\left(\frac{(2n+1)^{2n+1}}{(2n-1)^{2n-1}}\right)^{(p-1)/2}\exp\left(-\frac{1}{3(p-1)}\left(\frac{4n^2}{4n^2-1}\right)\right).$$
In particular, for every $\epsilon > 0$ and $n > N_\epsilon$, 

$$|\langle\theta + b\rangle| > \frac{1}{\pi p}\left((e-\epsilon)(2n+1)\right)^{p-1}.$$

And for the case $p = q$, i.e., $n = 1$, we obtain 

Theorem 2.4. Let $a \neq 0$ and $b$ be arbitrary elements of $\mathbb{F}_p$. Then the multiplicative 
order of $(\theta + b)$ in $\mathbb{F}_p[x]/(x^p - x - a)$ is lower bounded by 

Observe that, using the field isomorphism 

$$\frac{\mathbb{F}_q[x]}{(x^p - x - a)} \to \frac{\mathbb{F}_q[x]}{(x^p - x - 1)}, \qquad h(x) \mapsto h(ax),$$

we only need to prove the Theorem in the case $a = 1$. 


3. The finite field $\mathbb{F}_q[x]/(x^p - x - 1)$ 

Throughout this section, $x^p - x - 1$ is an irreducible polynomial of $\mathbb{F}_q[x]$, where 
$q = p^n$, $\gcd(p, n) = 1$. Also, $\theta$ represents the coset of $x$ in the Artin-Schreier 
extension $K := \mathbb{F}_q[x]/(x^p - x - 1)$ and $b \in \mathbb{F}_q \setminus A_n$, where 

$$A_n = \bigcup_{m \mid n,\ m \neq n} \mathbb{F}_{p^m}.$$

Before we estimate the order of $\theta + b$, let us show that almost all elements of $\mathbb{F}_q$ 
satisfy the condition that we are imposing on $b$. 

Theorem 3.1. The number of elements of $\mathbb{F}_q \setminus A_n$ is $\sum_{d \mid n} p^d \mu(n/d)$, where $\mu$ is the 
Möbius function. In particular, the probability that a chosen element in $\mathbb{F}_q$ does not 
belong to $A_n$ is greater than $1 - \frac{\log_r n}{q^{(r-1)/r}}$, where $r$ is the smallest prime divisor of $n$. 

Proof: For each positive integer $m$, let $g : \mathbb{N}^* \to \mathbb{N}$ be the function defined by 

$$g(m) = |\mathbb{F}_{p^m} \setminus A_m|.$$

Clearly, for each positive integer $m$, $g(m)$ counts the number of elements in $\mathbb{F}_{p^m}$ 
which are not in any proper subfield of $\mathbb{F}_{p^m}$. Since each proper subfield is of the form 
$\mathbb{F}_{p^l}$, where $l \mid m$, then 

$$\sum_{d \mid m} g(d) = |\mathbb{F}_{p^m}| = p^m.$$

By the Möbius Inversion Formula, it follows that 

$$g(m) = \sum_{d \mid m} p^d \mu(m/d).$$

Now, let us calculate an upper bound for the number of elements in $A_n$. Let us 
suppose that $p_1^{\alpha_1} \cdots p_s^{\alpha_s}$ is the factorization of $n$ in prime factors, where $p_1 < \cdots < 
p_s$. For each proper divisor $d$ of $n$, there exists a prime $p_i$ ($1 \leq i \leq s$) such that 
$d \mid (n/p_i)$. Thus $A_n \subseteq \bigcup_{1 \leq i \leq s} \mathbb{F}_{p^{n_i}}$, where $n_i = n/p_i$. In particular 

$$|A_n| \leq \Big|\bigcup_{1 \leq i \leq s} \mathbb{F}_{p^{n_i}}\Big| \leq \sum_{1 \leq i \leq s} p^{n_i} \leq p^{n/p_1} \log_{p_1} n = q^{1/p_1} \log_{p_1} n.$$

Therefore, the probability that a chosen element in $\mathbb{F}_q$ does not belong to $A_n$ is 
greater than 

$$1 - \frac{|A_n|}{q} \geq 1 - \frac{\log_{p_1} n}{q^{(p_1-1)/p_1}}.$$


This theorem proves that almost all elements in $\mathbb{F}_q$ satisfy the condition that we 
imposed on $b$. Now, we need the following technical lemmas: 


Lemma 3.2. Let $i$ and $j$ be integers such that $0 \leq i, j \leq np - 1$. If $i \neq j$, then 
$i + b^{p^i} \neq j + b^{p^j}$. 

Proof: Let $i_0$ (respectively $j_0$) be the remainder of $i$ (respectively $j$) divided by 
$n$. We can suppose, without loss of generality, that $i_0 \geq j_0$. Clearly, $b^{p^i} = b^{p^{i_0}}$ and 
$b^{p^j} = b^{p^{j_0}}$. Now suppose, by contradiction, that $i + b^{p^i} = j + b^{p^j}$ and therefore 

(1) $(j - i) = b^{p^{i_0}} - b^{p^{j_0}}$. 

In the case when $i_0 = j_0$, we have that $j \equiv i \pmod{n}$, i.e., $j = i + nk$ for some 
integer $k$ and 

(2) $0 = b^{p^{i_0}} - b^{p^{j_0}} = j - i = nk$. 

It follows that $p$ divides $k$, which is impossible because $0 < |i - j| < np$. 

Thus $0 < i_0 - j_0 < n$, and taking the $p^{n-j_0}$-th power in (1), we have 

$$j - i = b^{p^{n + i_0 - j_0}} - b^{p^n} = b^{p^{i_0 - j_0}} - b.$$

Thereby, there exists $0 < t < n$ such that $b^{p^t} - b \in \mathbb{F}_p$, or equivalently $b^{p^{t+1}} - b^p = 
(b^{p^t} - b)^p = b^{p^t} - b$. This last equation can be rewritten as $b^p - b = (b^p - b)^{p^t}$, i.e., 
$b^p - b$ is an element of $\mathbb{F}_{p^t}$. Furthermore, if $b \notin \mathbb{F}_{p^t}$, by Lemma 2.1 the polynomial 
$x^p - x - (b^p - b)$ is an irreducible polynomial of $\mathbb{F}_{p^t}[x]$. We obtain, in any case, that 
$b \in \mathbb{F}_{p^{pt}}$. Since $b$ is also in $\mathbb{F}_{p^n}$, we conclude that $b$ belongs to 

$$\mathbb{F}_{p^{pt}} \cap \mathbb{F}_{p^n} = \mathbb{F}_{p^{\gcd(pt,n)}} = \mathbb{F}_{p^{\gcd(t,n)}},$$

where $\gcd(t, n) < n$ is a proper divisor of $n$ and so we have a contradiction with 
the choice of $b \notin A_n$. □ 


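Lemma 3.3. Let $t, s$ be nonnegative integers such that $0 \leq t + s \leq p - 1$ and let 
$I_{s,t}$ be the subset of $\mathbb{Z}^{np}$ such that $\vec{r} := (r_0, r_1, \ldots, r_{np-1}) \in I_{s,t}$ if and only if 

$$\sum_{\substack{0 \leq j \leq np-1 \\ r_j < 0}} (-r_j) \leq t \quad\text{and}\quad \sum_{\substack{0 \leq j \leq np-1 \\ r_j > 0}} r_j \leq s.$$

Then the function 

$$\Lambda : I_{s,t} \to G, \qquad \vec{r} \mapsto \prod_{0 \leq j \leq np-1} (\theta + b)^{r_j p^j},$$

where $G = \langle\theta + b\rangle \leq K^*$, is one to one. 

Proof: Since $\theta$ is the coset of $x$ in the quotient field $K = \mathbb{F}_q[x]/(x^p - x - 1)$, each 
element of $K$ is the coset of a unique $h(\theta)$, where $h$ is a polynomial in $\mathbb{F}_q[x]$ of 
degree at most $p - 1$. In addition, $\theta^p = \theta + 1$ and, accordingly, for all $j \in \mathbb{N}$, 

$$\theta^{p^{j+1}} = (\theta^p)^{p^j} = (\theta + 1)^{p^j} = \theta^{p^j} + 1.$$

It follows, inductively, that 

$$\theta^{p^j} = \theta + j \quad\text{for all } j \geq 1,$$

and, thereby, for each $\vec{r} = (r_0, \ldots, r_{np-1}) \in I_{s,t}$ 

$$\Lambda(\vec{r}) = \prod_{0 \leq i \leq np-1} (\theta + b)^{r_i p^i} = \prod_{0 \leq i \leq np-1} (\theta + i + b^{p^i})^{r_i}.$$

Now, suppose that $\vec{s} = (s_0, \ldots, s_{np-1})$ is another element of $I_{s,t}$ such that $\Lambda(\vec{r}) = 
\Lambda(\vec{s})$, i.e., 

$$\prod_{0 \leq i \leq np-1} (\theta + i + b^{p^i})^{r_i} = \prod_{0 \leq j \leq np-1} (\theta + j + b^{p^j})^{s_j};$$

thus, the polynomial 

$$F(x) = \prod_{\substack{0 \leq i \leq np-1 \\ r_i > 0}} (x + i + b^{p^i})^{r_i} \prod_{\substack{0 \leq j \leq np-1 \\ s_j < 0}} (x + j + b^{p^j})^{-s_j}$$

is congruent to the polynomial 

$$G(x) = \prod_{\substack{0 \leq j \leq np-1 \\ s_j > 0}} (x + j + b^{p^j})^{s_j} \prod_{\substack{0 \leq i \leq np-1 \\ r_i < 0}} (x + i + b^{p^i})^{-r_i}$$

modulo $x^p - x - 1$. 

Since $\deg(F) \leq s + t \leq p - 1$ and $\deg(G) \leq s + t \leq p - 1$, it follows that 
$F(x) = G(x)$. Further, by Lemma 3.2 we know that $x + i + b^{p^i} \neq x + j + b^{p^j}$ for 
all $0 \leq i < j \leq np - 1$, therefore $\vec{r} = \vec{s}$, as we want to prove. □ 

We emphasize that the condition we imposed on $b$ is essential in the last step of 
the Lemma. 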
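The identity $\theta^{p^j} = \theta + j$ and the injectivity of $\Lambda$ in Lemma 3.3 can be checked by brute force for small primes in the case $q = p$ ($n = 1$), where the condition on $b$ is empty. The following Python is an added example, not code from the paper; the function names and the coefficient-tuple representation of elements of $K$ are assumptions of this example.

```python
from itertools import product

def mul(f, g, p):
    """Product in K = F_p[x]/(x^p - x - 1); elements are length-p coefficient tuples."""
    acc = [0] * (2 * p - 1)
    for i, a in enumerate(f):
        for j, c in enumerate(g):
            acc[i + j] = (acc[i + j] + a * c) % p
    for k in range(2 * p - 2, p - 1, -1):   # reduce with x^p = x + 1
        acc[k - p + 1] = (acc[k - p + 1] + acc[k]) % p
        acc[k - p] = (acc[k - p] + acc[k]) % p
    return tuple(acc[:p])

def power(f, e, p):
    """Square-and-multiply exponentiation in K, e >= 0."""
    out = (1,) + (0,) * (p - 1)
    while e:
        if e & 1:
            out = mul(out, f, p)
        f, e = mul(f, f, p), e >> 1
    return out

def order(f, p):
    """Multiplicative order of f, using the factorization of |K*| = p^p - 1."""
    n = m = p ** p - 1
    one, primes, d = power(f, 0, p), set(), 2
    while d * d <= m:                        # trial division, fine for tiny p
        while m % d == 0:
            primes.add(d)
            m //= d
        d += 1
    if m > 1:
        primes.add(m)
    for ell in primes:
        while n % ell == 0 and power(f, n // ell, p) == one:
            n //= ell
    return n

def frobenius_shifts(p):
    """True iff theta^(p^j) == theta + j for all 0 <= j < p."""
    theta = (0, 1) + (0,) * (p - 2)
    return all(power(theta, p ** j, p) == (j, 1) + (0,) * (p - 2) for j in range(p))

def lemma_3_3(p, b, s, t):
    """For n = 1: (|I_{s,t}|, number of distinct images of Lambda, order of theta + b)."""
    g, n = (b % p, 1) + (0,) * (p - 2), p ** p - 1
    vectors = [r for r in product(range(-t, s + 1), repeat=p)
               if sum(x for x in r if x > 0) <= s and sum(-x for x in r if x < 0) <= t]
    # Lambda(r) = (theta + b)^(sum r_j p^j); a negative exponent is reduced mod |K*|
    images = {power(g, sum(x * p ** j for j, x in enumerate(r)) % n, p) for r in vectors}
    return len(vectors), len(images), order(g, p)
```

`lemma_3_3(3, 0, 1, 1)` returns `(13, 13, 13)` and `lemma_3_3(5, 2, 2, 2)` returns `(271, 271, 781)`, so for $p = 3$ the count $|I_{1,1}|$ already equals the order of $\theta$.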

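Lemma 3.4. Let $I_{s,t}$ be as in Lemma 3.3. Then 

(3) $$|I_{s,t}| = \sum_{j=0}^{t} \sum_{i=0}^{s} \binom{np}{i}\binom{np-i}{j}\binom{s}{i}\binom{t}{j}.$$

In particular, 

$$|I_{s,t}| \geq \binom{np+t-s}{t}\binom{np+s}{s}.$$

Proof: Observe that, for each $j \leq t$ and $i \leq s$, we can select $j$ coordinates of 
$\vec{r}$ to be negative and $i$ coordinates to be positive, and this choice can be done in 
$\binom{np}{i}\binom{np-i}{j}$ ways. Besides, the number of positive solutions of $x_1 + x_2 + \cdots + x_i \leq s$ 
is $\binom{s}{i}$ and the number of positive solutions of $x_1 + x_2 + \cdots + x_j \leq t$ is $\binom{t}{j}$. Thus, for 
each pair $i, j$, there exist $\binom{np}{i}\binom{np-i}{j}\binom{s}{i}\binom{t}{j}$ elements of $I_{s,t}$ and then, adding over all 
$i$ and $j$, we conclude the equality (3). In addition 

$$\begin{aligned}
\sum_{i=0}^{s} \binom{np}{i}\binom{s}{i} \sum_{j=0}^{t} \binom{np-i}{j}\binom{t}{j}
&= \sum_{i=0}^{s} \binom{np}{i}\binom{s}{i}\binom{np+t-i}{t} \\
&\geq \binom{np+t-s}{t} \sum_{i=0}^{s} \binom{s}{i}\binom{np}{i} \\
&= \binom{np+t-s}{t}\binom{np+s}{s}.
\end{aligned}$$

□ 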

Before proceeding to prove the main Theorems, we need the following technical 
Lemma, which is essentially a good application of the Stirling approximation. 

Lemma 3.5 ([12], Corollary 1). For all $s > 0$ and $r > 1$, we have 

$$c_r \cdot d_r^s \cdot \frac{1}{\sqrt{s}} \cdot \theta(r,s) < \binom{rs}{s} < c_r \cdot d_r^s \cdot \frac{1}{\sqrt{s}},$$

where 

$$c_r = \sqrt{\frac{r}{2\pi(r-1)}}, \qquad d_r = \frac{r^r}{(r-1)^{r-1}}$$

and 

$$\theta(r, s) = \exp\left(-\frac{1}{12s}\left(1 + \frac{1}{r(r-1)}\right)\right).$$

We emphasize that these upper and lower bounds are very close when $s \gg 0$. 
4. Proof of Theorem 2.3 

By Lemma 3.3 we know that $|\langle\theta + b\rangle| \geq |I_{s,t}|$ for all nonnegative integers $s$ and 
$t$ such that $s + t \leq p - 1$. So, by Lemma 3.4 we have that 

$$|\langle\theta + b\rangle| \geq \max_{0 \leq s+t \leq p-1} \binom{np+t-s}{t}\binom{np+s}{s} \geq \binom{np}{(p-1)/2}\binom{np+(p-1)/2}{(p-1)/2}.$$

Now, using Lemma 3.5, each binomial coefficient can be bounded by 

$$\binom{np}{(p-1)/2} > \binom{2n(p-1)/2}{(p-1)/2} > \sqrt{\frac{2n}{\pi(2n-1)(p-1)}}\left(\frac{(2n)^{2n}}{(2n-1)^{2n-1}}\right)^{(p-1)/2}\theta(2n-1)$$

and 

$$\binom{np+(p-1)/2}{(p-1)/2} > \binom{(2n+1)(p-1)/2}{(p-1)/2} > \sqrt{\frac{2n+1}{\pi(2n)(p-1)}}\left(\frac{(2n+1)^{2n+1}}{(2n)^{2n}}\right)^{(p-1)/2}\theta(2n),$$
where 0(z) = exp (l + ■ 

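Multiplying these two inequalities and simplifying, we conclude that 

$$|\langle\theta + b\rangle| > \frac{1}{\pi(p-1)}\sqrt{\frac{2n+1}{2n-1}}\left(\frac{(2n+1)^{2n+1}}{(2n-1)^{2n-1}}\right)^{(p-1)/2}\exp\left(-\frac{1}{3(p-1)}\left(\frac{4n^2}{4n^2-1}\right)\right).$$

Therefore, we obtain the first part of the Theorem. 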

For the second part, observe that the sequence {a„}„gN defined for each n > 2, 


as a„ 


{ 2n±l A 


(2n-l)(p-l) + l 

, is an increasing sequence satisfying 


02 > \/x( 2.1516)*’ ^ and lim a„ = 

y 3 n—¥oo 

Therefore, for n > 2, we can find a simpler but weaker estimate 

In the case n large enough, we have that 

{e-er'<a.<e--' and exp > 

therefore 

$$|\langle\theta + b\rangle| > \frac{1}{\pi p}\left((e-\epsilon)(2n+1)\right)^{p-1},$$

as we want to prove. □ 

The following table shows the lower bound of $\pi p \cdot |\langle\theta + b\rangle|$ for some values of $n$, where 
the value of $p$ appears as a parameter. 

n        $\pi p \cdot |\langle\theta + b\rangle|$ 
2        $12.22377^p$ 
3        $17.65835^p$ 
4        $23.09586^p$ 
5        $28.53356^p$ 
10       $55.71983^p$ 
100      $545.01494^p$ 
1000     $5437.92274^p$ 
10000    $54366.9957^p$ 


1 ) 


45(p - 1) ’ 
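5. Proof of Theorem 2.4 


The polynomial $x^p - x - 1$ is always an irreducible polynomial of $\mathbb{F}_p[x]$ and the 
condition imposed on $b$ is empty. So, by Lemma 3.4 we have that 

$$\begin{aligned}
|\langle\theta + b\rangle| &\geq \max_{0 \leq s+t \leq p-1} \binom{p+t-s}{t}\binom{p+s}{s} \\
&= \max_{0 \leq s \leq p-1} \binom{2p-1-2s}{p-1-s}\binom{p+s}{s} \\
&= \max_{\substack{0 \leq \lambda \leq \frac{p-1}{p} \\ p\lambda \in \mathbb{N}}} \binom{2p-1-2p\lambda}{p-1-p\lambda}\binom{p+p\lambda}{p\lambda} \\
&= \frac{1}{2} \max_{\substack{0 \leq \lambda \leq \frac{p-1}{p} \\ p\lambda \in \mathbb{N}}} \binom{p(2-2\lambda)}{p(1-\lambda)}\binom{p(1+\lambda)}{p\lambda}.
\end{aligned}$$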

In the same way, using Lemma 3.5, we obtain that 


I (0+6) I > max 


1 


1 + A 


o<a<e;M. TTpV 2A(1 — A) 


A^ 


0(2,p(l-A))0 


1 + A 


pA , 


pAeN 


in particular, taking A = ^, it follows that 


(0 + 6) > —e 12 
■np 


□ 


Remark 5.1. In summary, for the case $\mathbb{F}_{p^p}$ and $p \gg 0$, we observe that the lower 
bound of $|\langle\theta + b\rangle|$ is $O(4^p)$ in Popovych's paper, $O(5.81589^p)$ in Voloch's article and 
$O(5.3333^p)$ in our result. 